Method for hearing system communication and related devices

ABSTRACT

A method for communication in a hearing system comprising the server device and a hearing device system, the hearing device system comprising a hearing device and a user accessory device with a user application installed thereon, the method includes: obtaining hearing device data for the hearing device; securing the hearing device data using a first security scheme to obtain a first output; securing the first output using a second security scheme to obtain a second output, wherein the second security scheme is different from the first security scheme; and transmitting the second output to the user accessory device.

RELATED APPLICATION DATA

This application is the continuation of U.S. patent application Ser. No.15/811,678, filed on Nov. 14, 2017, pending, which claims priority to,and the benefit of, European Patent Application No. 16202919.3 filed onDec. 8, 2016. The entire disclosures of the above applications areexpressly incorporated by reference herein.

FIELD

The present disclosure relates to communication in a hearing systemcomprising a server device and a hearing device system, wherein thehearing device system comprises a hearing device and a user accessorydevice. In particular, the present disclosure relates to methods anddevices for communication in a hearing system.

BACKGROUND

Wireless communication to and from different entities of a hearingsystem has been increasing in continuation of the developments withinwireless communication technology. However, the new technologies entailnew challenges for the hearing aid manufacturers in order to securecommunication in a hearing system. Wireless communication interfaces ofa hearing system desirably use an open standard-based interface.However, this poses many challenges in terms of security. Further, ahearing device is a very small device with strict constraints in termsof computational power, memory space etc.

SUMMARY

There is a need for apparatus, devices and methods for providingimproved and effective security for hearing system communication.Further, there is a need for devices and methods reducing the risk ofhearing device data being compromised by a third (unauthorized) party.

Accordingly, a method for hearing system communication in a hearingsystem comprising a server device and a hearing device system comprisinga hearing device and a user accessory device with a user applicationinstalled thereon is provided. The method comprises: obtaining hearingdevice data for the hearing device in the server device; securing, e.g.encrypting and/or digitally signing, the hearing device data, e.g. usinga first security scheme to obtain a first output; securing, e.g.encrypting and/or digitally signing, the first output, e.g. using asecond security scheme to obtain a second output, wherein the secondsecurity scheme is optionally different from the first security scheme;transmitting the second output to the user application; validating, e.g.decrypting and/or verifying, the second output in the user application,e.g. using the second security scheme to obtain the first output;transmitting the first output to the hearing device; receiving andvalidating, e.g. decrypting and/or verifying, the first output in thehearing device, e.g. using the first security scheme to obtain thehearing device data; and optionally operating the hearing deviceaccording to the hearing device data. The method may comprisetransmitting the first output to the hearing device if validating thesecond output is successful. The method may comprise not transmittingthe first output to the hearing device if validating the second outputfails.

A server device for communication in a hearing system comprising theserver device and a hearing device system comprising a hearing deviceand a user accessory device with a user application installed thereon isdisclosed. The server device comprises a processing unit configured to:obtain hearing device data for the hearing device;

secure, e.g. encrypt and/or digitally sign, the hearing device datausing a first security scheme to obtain a first output; secure, e.g.encrypt and/or digitally sign, the first output using a second securityscheme to obtain a second output, wherein the second security scheme isdifferent from the first security scheme; and transmit the second outputto the user application.

Further, a method for hearing system communication in a hearing systemcomprising a server device and a hearing device system comprising ahearing device and a user accessory device with a user applicationinstalled thereon is provided. The method comprises: obtaining hearingdevice data for the hearing device in the server device; securing, e.g.encrypting and/or digitally signing, the hearing device data, e.g. usinga second security scheme to obtain a second output; transmitting thesecond output to the user application; validating, e.g. decryptingand/or verifying, the second output in the user application, e.g. usingthe second security scheme to obtain the hearing device data; securing,e.g. encrypting and/or digitally signing, the hearing device data, e.g.using a first security scheme to obtain a first output, wherein thefirst security scheme is optionally different from the second securityscheme; transmitting the first output to the hearing device; receivingand validating, e.g. decrypting and/or verifying, the first output inthe hearing device, e.g. using the first security scheme to obtain thehearing device data; and optionally operating the hearing deviceaccording to the hearing device data. The method may comprisetransmitting the first output to the hearing device if validating thesecond output is successful. The method may comprise not transmittingthe first output to the hearing device if validating the second outputfails.

Also, a user application for communication in a hearing systemcomprising a server device and a hearing device system comprising ahearing device and a user accessory device with the user applicationinstalled thereon is provided, wherein the user application isconfigured to: receive a second output from the server device; validate,e.g. decrypt and/or verify, the second output in the user applicationusing a second security scheme to obtain hearing device data; secure,e.g. encrypt and/or digitally sign, the hearing device data using afirst security scheme to obtain a first output, wherein the firstsecurity scheme is different from the second security scheme; andtransmit the first output to the hearing device.

It is an important advantage of the present disclosure that securehearing system communication is provided while at the same timeconsidering the limited computational power of a hearing device. Thus,effective and secure hearing system communication is provided.

A method performed by a hearing system comprising a server device and ahearing device system, the hearing device system comprising a hearingdevice and a user accessory device with a user application installedthereon, the method includes: obtaining hearing device data for thehearing device in the server device; securing the hearing device datausing a first security scheme to obtain a first output; securing thefirst output using a second security scheme to obtain a second output,wherein the second security scheme is different from the first securityscheme; transmitting the second output to the user accessory device;validating, using the user application in the user accessory device, thesecond output that is associated with the second security scheme toobtain the first output; transmitting the first output to the hearingdevice; validating, using the hearing device, the first output that isassociated with the first security scheme to obtain the hearing devicedata; and operating the hearing device according to the hearing devicedata.

Optionally, the first security scheme involves a first key having afirst key length, and wherein the act of securing the hearing devicedata using a first security scheme comprises encrypting the hearingdevice data with the first key to obtain a first cipher text as at leasta part of the first output.

Optionally, the act of securing the hearing device data using a firstsecurity scheme comprises digitally signing the hearing device data toobtain a first digital signature as at least a part of the first output.

Optionally, act of securing the first output using a second securityscheme comprises digitally signing the first output to obtain a seconddigital signature as at least a part of the second output.

Optionally, the second security scheme involves a second key having asecond key length, and wherein act of securing the first output using asecond security scheme comprises encrypting the first output with thesecond key to obtain a second cipher text as at least a part of thesecond output.

Optionally, the first key length is shorter than the second key length.

Optionally, the second security scheme involves a key having a keylength, and wherein act of securing the first output using a secondsecurity scheme comprises encrypting the first output with the key toobtain a cipher text as at least a part of the second output.

Optionally, the hearing device data comprises a hearing device dataintegrity indicator, the method further comprising verifying, in thehearing device, the hearing device data based on the hearing device dataintegrity indicator, and wherein the act of operating the hearing deviceaccording to the hearing device data is performed if the hearing devicedata are verified.

Optionally, the first security scheme comprises or is based on a firstcommon secret, and wherein the act of securing the hearing device dataand the act of validating the first output are performed based on thefirst common secret.

Optionally, the second security scheme comprises or is based on a secondcommon secret, and wherein the act of securing the first output and theact of validating the second output are performed based on the secondcommon secret.

Optionally, the first security scheme involves a first primary key and afirst secondary key; wherein the first secondary key is different fromthe first primary key; wherein the act of securing the hearing devicedata is performed based on the first primary key; and wherein the act ofvalidating the first output is performed based on the first secondarykey.

Optionally, the second security scheme involves a second primary key anda second secondary key; wherein the second secondary key is differentfrom the second primary key; wherein the act of securing the firstoutput is performed based on the second primary key; and wherein the actof validating the second output is performed based on the secondsecondary key.

Optionally, the second security scheme involves a primary key and asecondary key; wherein the secondary key is different from the primarykey; wherein the act of securing the first output is performed based onthe primary key; and wherein the act of validating the second output isperformed based on the secondary key.

A server device for communication in a hearing system comprising theserver device and a hearing device system, the hearing device systemcomprising a hearing device and a user accessory device with a userapplication installed thereon, wherein the server device comprises aprocessing unit configured to: obtain hearing device data for thehearing device; secure the hearing device data using a first securityscheme to obtain a first output; secure the first output using a secondsecurity scheme to obtain a second output, wherein the second securityscheme is different from the first security scheme; and transmit thesecond output to the user accessory device.

A method for communication in a hearing system comprising the serverdevice and a hearing device system, the hearing device system comprisinga hearing device and a user accessory device with a user applicationinstalled thereon, the method includes: obtaining hearing device datafor the hearing device; securing the hearing device data using a firstsecurity scheme to obtain a first output; securing the first outputusing a second security scheme to obtain a second output, wherein thesecond security scheme is different from the first security scheme; andtransmitting the second output to the user accessory device.

Optionally, the security scheme comprises a first key having a first keylength, and wherein the act of securing the hearing device data usingthe security scheme comprises encrypting the hearing device data withthe first key to obtain a first cipher text as at least a part of theoutput.

A method performed by a user accessory device, the user accessory devicebeing a part of a hearing device system having a hearing device, theuser accessory device having a user application installed thereon,wherein the hearing device system is configured to communicate with aserver device, the server device configured to obtain hearing devicedata, secure the hearing device data using a first security scheme toobtain a first output, secure the first output using a second securityscheme to obtain a second output, the method includes: receiving thesecond output by the user accessory device; validating, using the userapplication in the user accessory device, the second output that isassociated with the second security scheme to obtain the first output;and transmitting the first output to the hearing device for validationto obtain the hearing device data, wherein the hearing device isoperable according to the hearing device data upon validation of thefirst output. A user accessory device that is a part of a hearing devicesystem having a hearing device, the user accessory device having a userapplication installed thereon, wherein the hearing device system isconfigured to communicate with a server device, the server deviceconfigured to obtain hearing device data, secure the hearing device datausing a first security scheme to obtain a first output, secure the firstoutput using a second security scheme to obtain a second output, theuser accessory device of the hearing device system configured to:receive the second output; validate the second output that is associatedwith the second security scheme to obtain the first output; and transmitthe first output to the hearing device for validation to obtain thehearing device data, wherein the hearing device is operable according tothe hearing device data upon validation of the first output.

A hearing device system includes the user accessory device, and thehearing device, wherein the hearing device is configured to obtain thefirst output, and validate the first output to obtain the hearing devicedata.

A method performed by a user accessory device that is a part of ahearing device system having a hearing device, the user accessory devicehaving a user application installed thereon, the method includes:receiving a secured hearing device data by the user accessory devicefrom a server device; validating, using the user application in the useraccessory device, the secured hearing device data to obtain the hearingdevice data; securing, by the user accessory device, the hearing devicedata using a first security scheme to obtain an output, wherein thesecured hearing device data received from the server device is securedusing a second security scheme, and wherein the first security scheme isdifferent from the second security scheme; and transmitting the outputto the hearing device for validation in the hearing device, wherein thehearing device is operable according to the hearing device data uponvalidation of the output.

A user accessory device that is a part of a hearing device system havinga hearing device, the user accessory device having a user applicationinstalled thereon, the user accessory device having a processing unitconfigured to: receive a secured hearing device data from a serverdevice; validate, using the user application in the user accessorydevice, the secured hearing device data to obtain the hearing devicedata; and secure the hearing device data using a first security schemeto obtain an output, wherein the secured hearing device data receivedfrom the server device is secured using a second security scheme, andwherein the first security scheme is different from the second securityscheme; wherein the user accessory device is configured to transmit theoutput to the hearing device for validation in the hearing device,wherein the hearing device is operable according to the hearing devicedata upon validation of the output.

A program product for a user accessory device that is a part of ahearing device system having a hearing device, the program producthaving a set of instructions, an execution of which by a processing unitin the user accessory device will cause the user accessory device toperform a method, the method includes: receiving a secured hearingdevice data by the user accessory device from a server device;validating, using the user application in the user accessory device, thesecured hearing device data to obtain the hearing device data; securing,by the user accessory device, the hearing device data using a firstsecurity scheme to obtain an output, wherein the secured hearing devicedata received from the server device is secured using a second securityscheme, and wherein the first security scheme is different from thesecond security scheme; and transmitting the output to the hearingdevice for validation in the hearing device, wherein the hearing deviceis operable according to the hearing device data upon validation of theoutput.

A method performed by a hearing system comprising a server device and ahearing device system, the hearing device system comprising a hearingdevice and a user accessory device with a user application installedthereon, the method includes: obtaining hearing device data for thehearing device in the server device; securing the hearing device datausing a security scheme to obtain an output; transmitting the output tothe user accessory device; validating, by the user accessory device, theoutput that is associated with the security scheme to obtain the hearingdevice data;

securing the hearing device data using another security scheme to obtainanother output, wherein the other security scheme is different from thesecurity scheme; transmitting the other output to the hearing device;validating the other output in the hearing device to obtain the hearingdevice data; and operating the hearing device according to the hearingdevice data.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages will become readily apparentto those skilled in the art by the following detailed description ofexemplary embodiments thereof with reference to the attached drawings,in which:

FIG. 1 schematically illustrates a hearing system,

FIG. 2 is a flow diagram of an exemplary method,

FIG. 3 is a flow diagram of an exemplary method, and

FIG. 4 schematically illustrates an exemplary server device.

DETAILED DESCRIPTION

Various exemplary embodiments and details are described hereinafter,with reference to the figures when relevant. It should be noted that thefigures may or may not be drawn to scale and that elements of similarstructures or functions are represented by like reference numeralsthroughout the figures. It should also be noted that the figures areonly intended to facilitate the description of the embodiments. They arenot intended as an exhaustive description of the invention or as alimitation on the scope of the invention. In addition, an illustratedembodiment needs not have all the aspects or advantages shown. An aspector an advantage described in conjunction with a particular embodiment isnot necessarily limited to that embodiment and can be practiced in anyother embodiments even if not so illustrated, or if not so explicitlydescribed.

The present disclosure relates to improved security in hearing systemcommunication. The hearing system comprises a server device and ahearing device system. The hearing device system comprises a hearingdevice and a user accessory device having a user application installedthereon. The server device may be controlled by the hearing devicemanufacturer. The server device may be a distributed server device, i.e.a server device with distributed processors. Namely, the methods, userapplication and server device disclosed herein enables hearing systemcommunication that is robust against security threats, vulnerabilitiesand attacks by implementing appropriate safeguards and countermeasures,such as security mechanisms, to protect against threats and attacks. Thepresent disclosure relates to hearing system communication that isrobust against replay attacks, unauthorized access, battery exhaustionattacks, and man-in-the-middle attacks.

The user accessory device comprises a memory unit and an interfacerespectively connected to a processing unit. The memory unit may includeremovable and non-removable data storage units including, but notlimited to, Read Only Memory (ROM), Random Access Memory (RAM), etc. Thememory unit has a user application stored thereon. The user applicationmay be a hearing device application, e.g. configured to wirelesslycommunicate with the hearing device, such as to control and/or configurethe hearing device. The interface comprises an antenna and a wirelesstransceiver, e.g. configured for wireless communication at frequenciesin the range from 2.4 to 2.5 GHz. The interface may be configured forcommunication, such as wireless communication, with the hearing devicecomprising an antenna and a wireless transceiver.

The present disclosure relates to hearing system communication betweenentities of a hearing system. The user accessory device forms anaccessory device to the hearing device. The user accessory device istypically paired or otherwise wirelessly coupled to the hearing device.The hearing device may be a hearing aid, e.g. of the behind-the-ear(BTE) type, in-the-ear (ITE) type, in-the-canal (ITC) type,receiver-in-canal (RIC) type or receiver-in-the-ear (RITE) type.Typically, the hearing device system is in possession of and controlledby the hearing device user. The user accessory device may be asmartphone, a smartwatch or a tablet computer.

One or more exemplary methods comprise obtaining hearing device data forthe hearing device in the server device. The hearing device data maycomprise firmware or firmware updates. The hearing device data maycomprise hearing device settings for the hearing device. The hearingdevice data may comprise a hearing device identifier, one or more keyidentifiers, one or more addresses and/or address identifiers. In one ormore exemplary methods, obtaining hearing device data for the hearingdevice in the server device may comprise receiving hearing device datafrom a fitting device, e.g. located at a hearing device dispenser. Inone or more exemplary methods, obtaining hearing device data for thehearing device in the server device may comprise retrieving hearingdevice data from a memory, e.g. a database, of the server device.

One or more exemplary methods comprise securing the hearing device data,e.g. using a first security scheme to obtain a first output. The firstoutput may be or comprise a first cipher text being the result of anencryption. One or more exemplary methods comprise securing the hearingdevice data, e.g. using a second security scheme to obtain a secondoutput. Securing hearing device data may comprise encrypting the hearingdevice data with a key (first key in first security scheme or second keyin second security scheme) to obtain a cipher text (first cipher text infirst security scheme or second cipher text in second security scheme).The cipher text obtained by encrypting may be included in the output.Securing hearing device data may comprise digitally signing the hearingdevice data. The digital signature obtained by digitally signing may beincluded in the output. Securing the hearing device data using a firstsecurity scheme may comprise digitally signing the hearing device datato obtain a first digital signature as at least a part of the firstoutput.

The first security scheme (encrypting and/or digitally signing) may beapplied in the server device or in the user application. The secondsecurity scheme (encrypting and/or digitally signing) may be applied inthe server device. Applying the first security scheme (encrypting and/ordigitally signing) in the server device may be advantageous in that theuser application does not need to hold encryption keys or any otherinformation about the first security scheme. Further, the hearing devicedata are encrypted all the way from the server device to the hearingdevice. Thus, a more secure hearing system communication is provided,since generally the user application is considered less secure than theserver device. Further, the required processing power in hearing systemcommunication is reduced for the user application.

A security scheme, such as the first security scheme and/or the secondsecurity scheme, may comprise a key, a set of keys or other keyingmaterial. A key has a key length. A scheme may comprise a primary key,e.g. used for securing hearing device data/first output, and a secondarykey, e.g. used for validating first output/second output. The primarykey may be a private (signature) or public (encryption) key. Thesecondary key may be a private (decryption) or public (verify signature)key.

For example, as a part of securing hearing device data and/or firstoutput, encrypting hearing device data/first output may be based on aprimary key being a public key. Further, as a part of validating firstoutput and/or second output, decrypting first output and/or secondoutput (the result of the encryption) may be based on a secondary keybeing a private key. A security scheme may comprise an encryptionalgorithm, e.g. a symmetric or asymmetric encryption algorithm, such asTriple DES, RSA, Blowfish, Twofish, Advanced Encryption Standard (AES),and Elliptic Curve Cryptography.

For example, as a part of securing hearing device data and/or firstoutput, digitally signing hearing device data/first output may be basedon a primary key being a private key. Further, as a part of validatingfirst output and/or second output, verifying first output and/or secondoutput (the result of digitally signing) may be based on a secondary keybeing a public key.

In one or more exemplary methods, securing the hearing device data usinga second security scheme may comprise digitally signing the hearingdevice data to obtain a second digital signature as at least a part ofthe second output.

In one or more exemplary methods, the second security scheme comprises asecond key having a second key length, and securing the hearing devicedata using a second security scheme may comprise encrypting the hearingdevice data with the second encryption key to obtain a second ciphertext as at least a part of the second output.

In one or more exemplary methods, the hearing device data comprises ahearing device data integrity indicator, the method comprisingverifying, in the hearing device, the hearing device data based on thehearing device data integrity indicator and operating the hearing deviceaccording to the hearing device data if the hearing device data areverified.

One or more exemplary methods may comprise securing the first outputusing a second security scheme to obtain a second output, e.g. in theserver device. The second security scheme is optionally different fromthe first security scheme.

A scheme, such as the second security scheme, may be different fromanother scheme, such as the first security scheme, by using keys havingdifferent key lengths.

A security scheme may be different from another security scheme ifdifferent key lengths are used and/or different keys/key pairs are used.A scheme may be different from another scheme if different encryptionalgorithms are used in the two schemes. A security scheme may bedifferent from another security scheme if different common secrets areused, i.e. if the first security scheme uses a first common secret andthe second security scheme uses a second common secret different fromthe first common secret. It is an important advantage of the presentdisclosure that a high server-to-user app security level can be appliedin the communication between the server device and the userapplication/user accessory device, while a power-efficient and/ormemory-efficient security level can be applied in the communicationbetween the user application/accessory device and the hearing device. Inone or more exemplary methods/devices, the first security scheme may bemore complex than the second security scheme i.e. the first securityscheme requires more computational power/memory resources to performthan the second security scheme. In one or more exemplarymethods/devices, the first security scheme may be less complex than thesecond security scheme i.e. the first security scheme may lesscomputational power/memory resources to perform than the second securityscheme.

One or more exemplary methods comprise transmitting the second output tothe user application, e.g. from the server device. The second output maybe or comprise a second cipher text being the result of an encryption.

One or more exemplary methods comprise validating the second output inthe user application using the second security scheme, e.g. to obtainthe first output or the hearing device data. Validating the secondoutput may comprise decrypting a second cipher text of the second outputand/or verifying a second digital signature of the second output.

One or more exemplary methods comprise transmitting the first output tothe hearing device, e.g. from the user application.

One or more exemplary methods comprises receiving and validating thefirst output in the hearing device using the first security scheme toobtain the hearing device data. Validating the first output may comprisedecrypting a first cipher text of the first output and/or verifying afirst digital signature of the first output.

One or more exemplary methods comprise operating the hearing deviceaccording to the hearing device data, optionally if validating the firstoutput succeeds or is successful. Operating the hearing device accordingto the hearing device data may comprise storing at least a part of thehearing device in memory of the hearing device.

The first security scheme may comprise a first encryption key having afirst key length. Thus, securing the hearing device data using a firstsecurity scheme may comprise encrypting the hearing device data with thefirst encryption key to obtain a first cipher text as at least a part ofthe first output.

The second security scheme may comprise a second encryption key having asecond key length. Thus, securing the hearing device data or the firstoutput using a second security scheme to obtain a second output maycomprise encrypting the hearing device data or the first output with thesecond encryption key to obtain a second cipher text as at least a partof the second output.

The first key length, also denoted N1, may be shorter or larger than thesecond key length, also denoted N2. In one or more exemplary methods,the first key length N1 is less than 0.6*N2. In one or more exemplarymethods, e.g. where the first security scheme is a symmetric scheme, thefirst key length is in the range from 50 to 140 bits, such as 128 bits.In one or more exemplary methods, e.g. where the second security schemeis a symmetric scheme, the second key length N2 is larger than 100 bits,such as in the range from 128 to 300 bits, such as 128 bits, 192 bits or256 bits.

Securing the hearing device data using a first security scheme maycomprise digitally signing the hearing device data to obtain a firstdigital signature as at least a part of the first output.

Securing the first output using a second security scheme may comprisedigitally signing the first output to obtain a second digital signatureas at least a part of the second output.

The first security scheme may comprise or be based on a first commonsecret, and securing the hearing device data and validating the firstoutput is optionally based on the first common secret. The first commonsecret may be based on a hearing device identifier of the hearingdevice.

The second security scheme may comprise or be based on a second commonsecret. Securing the hearing device data or the first output andvalidating the second output is optionally based on the second commonsecret. The second common secret may be based on the hearing deviceidentifier of the hearing device.

The first security scheme may comprise a first primary key and a firstsecondary key. The first secondary key may be different from the firstprimary key. Securing the hearing device data may based on the firstprimary key and validating the first output may be based on the firstsecondary key.

The second security scheme may comprise a second primary key and asecond secondary key. The second secondary key may be different from thesecond primary key. Securing the hearing device data or the first outputmay be based on the second primary key and validating the second outputmay be based on the second secondary key.

The first security scheme may comprise a first encryption algorithm, andsecuring the hearing device data using a first security scheme to obtaina first output optionally comprises applying the first encryptionalgorithm to the hearing device data. The first encryption algorithm maybe symmetric, e.g. based on the first common secret. In one or moreexemplary methods, the first encryption algorithm is the AdvancedEncryption Standard (AES), such as a 128-bit or 196-bit AES.

The second security scheme may comprise a second encryption algorithmoptionally different from the first encryption algorithm, and securingthe hearing device data or the first output using a second securityscheme to obtain a second output optionally comprises applying thesecond encryption algorithm to the hearing device data or the firstoutput. The second encryption algorithm may be symmetric, e.g. based onthe second common secret. In one or more exemplary methods, the secondencryption algorithm is the Advanced Encryption Standard (AES), such asa 192-bit AES or a 256-bit AES.

The hearing device data may comprise a hearing device data integrityindicator indicative of hearing device integrity. The hearing devicedata integrity indicator may be a checksum/hash function. The hearingdevice data may comprise a digital signature. The method may compriseverifying the hearing device data, e.g. based on the hearing device dataintegrity indicator and/or the digital signature of the hearing devicedata, and operating the hearing device according to the hearing devicedata, optionally if the hearing device data are verified.

Operating the hearing device according to the hearing device data maycomprise storing the hearing device data or at least a part thereof in amemory of the hearing device.

Throughout, the same reference numerals are used for identical orcorresponding parts.

FIG. 1 shows an exemplary hearing system. The hearing system 2 comprisesa server device 4 and a hearing device system 6 comprising a hearingdevice 8 and a user accessory device 10. The user accessory device 10 isa smartphone configured to wirelessly communicate with the hearingdevice 8. A user application 12 is installed on the user accessorydevice 10. The user application may be for controlling the hearingdevice 8 and/or assisting a hearing device user wearing/using thehearing device 8. In one or more exemplary user applications, the userapplication 12 is configured to transfer hearing device data, such asfirmware and/or hearing device settings, to the hearing device.

The server device 4 and/or the user application 12 may be configured toperform any or some acts of the methods disclosed herein. The hearingdevice 8 may be configured to compensate for hearing loss of a user ofthe hearing device 8. The hearing device 8 is configured to communicatewith the user accessory device 10/user application 12, e.g. using awireless and/or wired first communication link 20. The firstcommunication link 20 may be a single hop communication link or amulti-hop communication link. The first communication link 20 may becarried over a short-range communication system, such as Bluetooth,Bluetooth low energy, IEEE 802.11 and/or Zigbee. The first communicationlink 20 may be carried over a short-range communication system per aproprietary protocol.

In an exemplary hearing system, the hearing device data are secured inthe server device using the second security scheme and the firstsecurity scheme is then applied to hearing device data in the userapplication (being the result of validating the second output using thesecond security scheme in the user application).

The user accessory device 10/user application 12 is configured toconnect to the server device 4 over a network, such as the Internetand/or a mobile phone network, via a second communication link 22. Theserver device 4 may be controlled by the hearing device manufacturer.The hearing device 8 comprises an antenna 24 and a radio transceiver 26coupled to the antenna 24 for receiving/transmitting wirelesscommunication including first communication link 20. The hearing device8 comprises a set of microphones comprising a first microphone 28 andoptionally a second microphone 30 for provision of respective first andsecond microphone input signals. The hearing device 8 may be asingle-microphone hearing device. The hearing device 8 comprises amemory unit (not shown) connected to the processor, wherein hearingdevice data, e.g. hearing device settings and/or firmware are stored inthe memory unit.

The hearing device 8 comprises a processor 32 connected to thetransceiver 26 and microphones 28, 30 for receiving and processing inputsignals. The processor 32 is configured to compensate for a hearing lossof a user based on hearing device settings and to provide an electricaloutput signal based on the input signals. A receiver 34 converts theelectrical output signal to an audio output signal to be directedtowards an eardrum of the hearing device user.

The user accessory device 10 comprises a processing unit 36, a memoryunit 38, an interface 40. The user application 12 is installed in thememory unit 38 of the user accessory device 10 and is configured toreceive a second output from the server device; validate the secondoutput in the user application using a second security scheme to obtainhearing device data or first output. If the validation with the secondsecurity scheme provides hearing device data, the user application isconfigured to secure the hearing device data using a first securityscheme to obtain a first output, wherein the first security scheme isdifferent from the second security scheme. On the other hand, if thehearing device data have already been secured in the server device usinga first security scheme, the output of the validation with the secondsecurity scheme corresponds to or at least comprises the first output.Subsequently, the user application is configured to transmit the firstoutput to the hearing device.

FIG. 2 shows an exemplary method for hearing system communication in ahearing system. The method 100 comprises obtaining 102 hearing devicedata for the hearing device in the server device. The hearing devicedata may comprise firmware and/or hearing device settings for thehearing device in question. The method 100 comprises securing 104, e.g.digitally signing and/or encrypting, the hearing device data using afirst security scheme to obtain a first output in the server device 4;securing 106, e.g. digitally signing and/or encrypting, the first outputusing a second security scheme to obtain a second output in the serverdevice 4, wherein the second security scheme is different from the firstsecurity scheme; transmitting 108 the second output from the serverdevice 4 to the user application 12 of the accessory device 10;validating 110 the second output in the user application using thesecond security scheme to obtain the first output; transmitting 112 thefirst output from the user application 12 of the accessory device 10 tothe hearing device; receiving and validating 114 the first output in thehearing device using the first security scheme to obtain the hearingdevice data; and operating 116 the hearing device according to thehearing device data. Operating 116 the hearing device according to thehearing device data may comprise storing hearing device data or at leastparts thereof in memory of the hearing device if validating the firstoutput is successful.

FIG. 3 shows an exemplary method for hearing system communication in ahearing system. The method 200 comprises: obtaining 202 hearing devicedata for the hearing device in the server device; securing 204 in theserver device 4 the hearing device data using a second security schemeto obtain a second output; 206 transmitting the second output from theserver device 4 to the user application 12 of the accessory device 10;validating 208 the second output in the user application 12 using thesecond security scheme to obtain the hearing device data; securing 210by the user application 12 the hearing device data using a firstsecurity scheme to obtain a first output, wherein the first securityscheme is different from the second security scheme; transmitting 212the first output from the user application 12 to the hearing device;receiving and validating 214 the first output in the hearing deviceusing the first security scheme to obtain the hearing device data; andoperating 216 the hearing device according to the hearing device data.Operating 216 the hearing device according to the hearing device datamay comprise storing hearing device data or at least parts thereof inmemory of the hearing device if validating the first output issuccessful.

FIG. 4 shows an exemplary server device 4 for communication in a hearingsystem comprising the server device and a hearing device systemcomprising a hearing device and a user accessory device with a userapplication installed thereon. The server device 4 comprises aprocessing unit 250, e.g. comprising one or more processors, a memoryunit 252, e.g. comprising a database, and an interface 254. Theprocessing unit 250 is configured to obtain hearing device data for thehearing device, e.g. from the memory unit 252 and/or via the interface254 from e.g. a fitting device; secure the hearing device data using afirst security scheme to obtain a first output; secure the first outputusing a second security scheme to obtain a second output, wherein thesecond security scheme is different from the first security scheme; andtransmit the second output to the user application.

The use of the terms “first”, “second”, “third” and “fourth”, etc. doesnot imply any particular order, but are included to identify individualelements. Moreover, the use of the terms first, second, etc. does notdenote any order or importance, but rather the terms first, second, etc.are used to distinguish one element from another. Note that the wordsfirst and second are used here and elsewhere for labelling purposes onlyand are not intended to denote any specific spatial or temporalordering. Furthermore, the labelling of a first element does not implythe presence of a second element and vice versa.

Although particular features have been shown and described, it will beunderstood that they are not intended to limit the claimed invention,and it will be made obvious to those skilled in the art that variouschanges and modifications may be made without departing from the spiritand scope of the claimed invention. The specification and drawings are,accordingly to be regarded in an illustrative rather than restrictivesense. The claimed invention is intended to cover all alternatives,modifications and equivalents.

LIST OF REFERENCES

2 hearing system

4 server device

6 hearing device system

8 hearing device

10 user accessory device

12 user application

20 first communication link

22 second communication link

24 antenna

26 radio transceiver

28 first microphone

30 second microphone

32 processor

34 receiver

36 processing unit

38 memory unit

40 interface

100 method for hearing system communication in a hearing system

102 obtain

104 secure

106 secure

108 transmit

110 validate

112 transmit

114 receive and validate

116 operate hearing device

200 method for hearing system communication in a hearing system

202 obtain

204 secure

206 transmit

208 validate

210 secure

212 transmit

214 receive and validate

216 operate hearing device

250 processing unit

252 memory unit

254 interface

1. A server device for communication in a hearing system comprising the server device and a hearing device system, the hearing device system comprising a hearing device and a user accessory device with a user application installed thereon, wherein the server device comprises a processing unit configured to: obtain hearing device data for the hearing device; secure the hearing device data using a first security scheme to obtain a first output; secure the first output using a second security scheme to obtain a second output, wherein the second security scheme is different from the first security scheme; and transmit the second output to the user accessory device.
 2. The server device of claim 1, wherein the second output is processable by the accessory device to obtain the first output.
 3. The server device of claim 1, wherein the first output is processable by the hearing device to obtain the hearing device data.
 4. The server device of claim 1, wherein the first security scheme involves a first key having a first key length, and wherein the processing unit is configured to secure the hearing device data by encrypting the hearing device data with the first key to obtain a first cipher text as at least a part of the first output.
 5. The server device of claim 1, wherein the processing unit is configured to secure the hearing device data by digitally signing the hearing device data to obtain a first digital signature as at least a part of the first output.
 6. The server device of claim 5, wherein the processing unit is configured to secure the first output by digitally signing the first output to obtain a second digital signature as at least a part of the second output.
 7. The server device of claim 4, wherein the second security scheme involves a second key having a second key length, and wherein the processing unit is configured to secure the first output by encrypting the first output with the second key to obtain a second cipher text as at least a part of the second output.
 8. The server device of claim 7, wherein the first key length is shorter than the second key length.
 9. The server device of claim 1, wherein the first security scheme comprises or is based on a first common secret, and wherein the processing unit is configured to secure the hearing device data based on the first common secret.
 10. The server device of claim 9, wherein the second security scheme comprises or is based on a second common secret, and wherein the processing unit is configured to secure the first output based on the second common secret.
 11. The server device of claim 1, wherein the first security scheme involves a first primary key and a first secondary key; wherein the first secondary key is different from the first primary key; wherein the processing unit is configured to secure the hearing device data based on the first primary key; and wherein the first output is configured to be validated by the hearing device based on the first secondary key.
 12. The server device of claim 11, wherein the second security scheme involves a second primary key and a second secondary key; wherein the second secondary key is different from the second primary key; wherein the processing unit is configured to secure the first output based on the second primary key; and wherein the second output is configured to be validated based on the second secondary key.
 13. The server device of claim 1, wherein the second security scheme involves a primary key and a secondary key; wherein the secondary key is different from the primary key; wherein the processing unit is configured to secure the first output based on the primary key; and wherein the second output is configured to be validated based on the secondary key.
 14. A method for communication in a hearing system comprising the server device and a hearing device system, the hearing device system comprising a hearing device and a user accessory device with a user application installed thereon, the method comprising: obtaining hearing device data for the hearing device; securing the hearing device data using a first security scheme to obtain a first output; securing the first output using a second security scheme to obtain a second output, wherein the second security scheme is different from the first security scheme; and transmitting the second output to the user accessory device.
 15. The method according to claim 14, wherein the security scheme comprises a first key having a first key length, and wherein the act of securing the hearing device data using the security scheme comprises encrypting the hearing device data with the first key to obtain a first cipher text as at least a part of the output.
 16. A user accessory device that is a part of a hearing device system having a hearing device, the user accessory device having a user application installed thereon, the user accessory device having a processing unit configured to: receive a secured hearing device data from a server device, wherein the secured hearing device data is based on a first security scheme; validate, using the user application in the user accessory device, the secured hearing device data to obtain the hearing device data; and secure the hearing device data using a second security scheme to obtain an output, wherein the first security scheme is different from the second security scheme; wherein the user accessory device is configured to transmit the output to the hearing device for validation in the hearing device, wherein the hearing device is operable according to the hearing device data upon validation of the output.
 17. A hearing device system comprising the user accessory device of claim 16, and the server device, wherein the server device is configured to secure the hearing device data based on the first security scheme.
 18. A hearing device system comprising the user accessory device of claim 16, and the hearing device, wherein the hearing device is configured to obtain the output, and validate the output to obtain the hearing device data.
 19. A user accessory device that is a part of a hearing device system having a hearing device, the user accessory device having a user application installed thereon, wherein the hearing device system is configured to communicate with a server device, the server device configured to obtain hearing device data, secure the hearing device data using a first security scheme to obtain a first output, secure the first output using a second security scheme to obtain a second output, the user accessory device of the hearing device system configured to: receive the second output; validate the second output that is associated with the second security scheme to obtain the first output; and transmit the first output to the hearing device for validation to obtain the hearing device data, wherein the hearing device is operable according to the hearing device data upon validation of the first output.
 20. A hearing device system comprising the user accessory device of claim 19, and the server device.
 21. A hearing device system comprising the user accessory device of claim 19, and the hearing device, wherein the hearing device is configured to obtain the first output, and validate the first output to obtain the hearing device data.
 22. A method performed by a user accessory device that is a part of a hearing device system having a hearing device, the user accessory device having a user application installed thereon, the method comprising: receiving a secured hearing device data by the user accessory device from a server device, wherein the secured hearing device data is based on a first security scheme; validating, using the user application in the user accessory device, the secured hearing device data to obtain the hearing device data; securing, by the user accessory device, the hearing device data using a second security scheme to obtain an output, wherein the first security scheme is different from the second security scheme; and transmitting the output to the hearing device for validation in the hearing device, wherein the hearing device is operable according to the hearing device data upon validation of the output.
 23. A method performed by a user accessory device, the user accessory device being a part of a hearing device system having a hearing device, the user accessory device having a user application installed thereon, wherein the hearing device system is configured to communicate with a server device, the server device configured to obtain hearing device data, secure the hearing device data using a first security scheme to obtain a first output, secure the first output using a second security scheme to obtain a second output, the method comprising: receiving the second output by the user accessory device; validating, using the user application in the user accessory device, the second output that is associated with the second security scheme to obtain the first output; and transmitting the first output to the hearing device for validation to obtain the hearing device data, wherein the hearing device is operable according to the hearing device data upon validation of the first output. 